<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<link rel="STYLESHEET" href="lib.css" type='text/css' />
<link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" />
<link rel='start' href='../index.html' title='Python documentation Index' />
<link rel="first" href="lib.html" title='Python library Reference' />
<link rel='contents' href='contents.html' title="Contents" />
<link rel='index' href='genindex.html' title='Index' />
<link rel='last' href='about.html' title='About this document...' />
<link rel='help' href='about.html' title='About this document...' />
<link rel="next" href="module-Bastion.html" />
<link rel="prev" href="restricted.html" />
<link rel="parent" href="restricted.html" />
<link rel="next" href="rexec-objects.html" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name='aesop' content='information' />
<title>28.1 rexec -- Restricted execution framework</title>
</head>
<body>
<div class="navigation">
<div id='top-navigation-panel' xml:id='top-navigation-panel'>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="28. restricted Execution"
  href="restricted.html"><img src='../icons/previous.png'
  border='0' height='32'  alt='Previous Page' width='32' /></a></td>
<td class='online-navigation'><a rel="parent" title="28. restricted Execution"
  href="restricted.html"><img src='../icons/up.png'
  border='0' height='32'  alt='Up one Level' width='32' /></a></td>
<td class='online-navigation'><a rel="next" title="28.1.1 rexec Objects"
  href="rexec-objects.html"><img src='../icons/next.png'
  border='0' height='32'  alt='Next Page' width='32' /></a></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
  href="contents.html"><img src='../icons/contents.png'
  border='0' height='32'  alt='Contents' width='32' /></a></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
  border='0' height='32'  alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
  href="genindex.html"><img src='../icons/index.png'
  border='0' height='32'  alt='Index' width='32' /></a></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="restricted.html">28. Restricted Execution</a>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="restricted.html">28. Restricted Execution</a>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="rexec-objects.html">28.1.1 RExec Objects</a>
</div>
<hr /></div>
</div>
<!--End of Navigation Panel-->

<h1><a name="SECTION0030100000000000000000">
28.1 <tt class="module">rexec</tt> --
         Restricted execution framework</a>
</h1>

<p>
<a name="module-rexec"></a>

<span class="versionnote">Changed in version 2.3:
Disabled module.</span>

<p>
<div class="warning"><b class="label">Warning:</b>

  The documentation has been left in place to help in reading old code
  that uses the module.
</div>

<p>
This module contains the <tt class="class">RExec</tt> class, which supports
<tt class="method">r_eval()</tt>, <tt class="method">r_execfile()</tt>, <tt class="method">r_exec()</tt>, and
<tt class="method">r_import()</tt> methods, which are restricted versions of the standard
Python functions <tt class="method">eval()</tt>, <tt class="method">execfile()</tt> and
the <tt class="keyword">exec</tt> and <tt class="keyword">import</tt> statements.
Code executed in this restricted environment will
only have access to modules and functions that are deemed safe; you
can subclass <tt class="class">RExec</tt> to add or remove capabilities as desired.

<p>
<div class="warning"><b class="label">Warning:</b>

  While the <tt class="module">rexec</tt> module is designed to perform as described
  below, it does have a few known vulnerabilities which could be
  exploited by carefully written code.  Thus it should not be relied
  upon in situations requiring ``production ready'' security.  In such
  situations, execution via sub-processes or very careful
  ``cleansing'' of both code and data to be processed may be
  necessary.  Alternatively, help in patching known <tt class="module">rexec</tt>
  vulnerabilities would be welcomed.
</div>

<p>
<div class="note"><b class="label">Note:</b>
The <tt class="class">RExec</tt> class can prevent code from performing unsafe
  operations like reading or writing disk files, or using TCP/IP
  sockets.  However, it does not protect against code using extremely
  large amounts of memory or processor time.
</div>

<p>
<dl><dt><table cellpadding="0" cellspacing="0"><tr valign="baseline">
  <td><nobr><b><span class="typelabel">class</span>&nbsp;<tt id='l2h-5331' xml:id='l2h-5331' class="class">RExec</tt></b>(</nobr></td>
  <td><var></var><big>[</big><var>hooks</var><big>[</big><var>, verbose</var><big>]</big><var></var><big>]</big><var></var>)</td></tr></table></dt>
<dd>
Returns an instance of the <tt class="class">RExec</tt> class.  

<p>
<var>hooks</var> is an instance of the <tt class="class">RHooks</tt> class or a subclass of it.
If it is omitted or <code>None</code>, the default <tt class="class">RHooks</tt> class is
instantiated.
Whenever the <tt class="module">rexec</tt> module searches for a module (even a
built-in one) or reads a module's code, it doesn't actually go out to
the file system itself.  Rather, it calls methods of an <tt class="class">RHooks</tt>
instance that was passed to or created by its constructor.  (Actually,
the <tt class="class">RExec</tt> object doesn't make these calls -- they are made by
a module loader object that's part of the <tt class="class">RExec</tt> object.  This
allows another level of flexibility, which can be useful when changing
the mechanics of <tt class="keyword">import</tt> within the restricted environment.)

<p>
By providing an alternate <tt class="class">RHooks</tt> object, we can control the
file system accesses made to import a module, without changing the
actual algorithm that controls the order in which those accesses are
made.  For instance, we could substitute an <tt class="class">RHooks</tt> object that
passes all filesystem requests to a file server elsewhere, via some
RPC mechanism such as ILU.  Grail's applet loader uses this to support
importing applets from a URL for a directory.

<p>
If <var>verbose</var> is true, additional debugging output may be sent to
standard output.
</dl>

<p>
It is important to be aware that code running in a restricted
environment can still call the <tt class="function">sys.exit()</tt> function.  To
disallow restricted code from exiting the interpreter, always protect
calls that cause restricted code to run with a
<tt class="keyword">try</tt>/<tt class="keyword">except</tt> statement that catches the
<tt class="exception">SystemExit</tt> exception.  Removing the <tt class="function">sys.exit()</tt>
function from the restricted environment is not sufficient -- the
restricted code could still use <code>raise SystemExit</code>.  Removing
<tt class="exception">SystemExit</tt> is not a reasonable option; some library code
makes use of this and would break were it not available.

<p>
<div class="seealso">
  <p class="heading">See Also:</p>

  <dl compact="compact" class="seetitle">
    <dt><em class="citetitle"><a href="http://grail.sourceforge.net/"
        >Grail Home Page</a></em></dt>
    <dd>Grail is a
            Web browser written entirely in Python.  It uses the
            <tt class="module">rexec</tt> module as a foundation for supporting
            Python applets, and can be used as an example usage of
            this module.</dd>
  </dl>
</div>

<p>

<p><br /></p><hr class='online-navigation' />
<div class='online-navigation'>
<!--Table of Child-Links-->
<a name="CHILD_LINKS"><strong>Subsections</strong></a>

<ul class="ChildLinks">
<li><a href="rexec-objects.html">28.1.1 RExec Objects</a>
<li><a href="rexec-extension.html">28.1.2 Defining restricted environments</a>
<li><a href="node846.html">28.1.3 An example</a>
</ul>
<!--End of Table of Child-Links-->
</div>

<div class="navigation">
<div class='online-navigation'>
<p></p><hr />
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="28. restricted Execution"
  href="restricted.html"><img src='../icons/previous.png'
  border='0' height='32'  alt='Previous Page' width='32' /></a></td>
<td class='online-navigation'><a rel="parent" title="28. restricted Execution"
  href="restricted.html"><img src='../icons/up.png'
  border='0' height='32'  alt='Up one Level' width='32' /></a></td>
<td class='online-navigation'><a rel="next" title="28.1.1 rexec Objects"
  href="rexec-objects.html"><img src='../icons/next.png'
  border='0' height='32'  alt='Next Page' width='32' /></a></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
  href="contents.html"><img src='../icons/contents.png'
  border='0' height='32'  alt='Contents' width='32' /></a></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
  border='0' height='32'  alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
  href="genindex.html"><img src='../icons/index.png'
  border='0' height='32'  alt='Index' width='32' /></a></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="restricted.html">28. Restricted Execution</a>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="restricted.html">28. Restricted Execution</a>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="rexec-objects.html">28.1.1 RExec Objects</a>
</div>
</div>
<hr />
<span class="release-info">Release 2.5.1, documentation updated on 18th April, 2007.</span>
</div>
<!--End of Navigation Panel-->
<address>
See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
</address>
</body>
</html>
